Hello Daniele, Depending on the PF version that you are using, PF has a VLAN filter rules that automatically unregister device seen doing Mac authentication while their previous authentication known was 802.1x.
That rule is by default enabled on the wireless but not on the wired. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jul 14, 2022, at 7:02 PM, Daniele via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello, everybody. > I am using packetfence 10.1 in dot1x + mab mode. > Everything works correctly, business users authenticate with domain > credentials and guests through the portal. However, I have a problem. When a > user is already authenticated with dot1x, if I use the same mac address on > another network device on any other network port, the new device is > authenticated in mab even without entering credentials. Is there any way to > prevent mab from inheriting authentication from dot1x? in other words, how to > force the re-authentication of a device if the mac address is already > registered with dot1x somewhere else? > > Thanks, > Daniele > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!V2aSBtnSYfHgZufxrG_MFLKGDLfb5Rrp1qTszoImP1zuZ1QaKjqFzX9yNxHMwkJyroD9iRqV0YMGTIpzst5eEX-li5NhX-XBKL-0FA$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
